OT: Windows serial port sniffing

Charles Jones charles.jones at ciscolearning.org
Mon Aug 18 08:46:49 MST 2008


This is technically a windows question, but I thought I would ask here 
anyway, because many of us were hacking before MS-windows existed, and 
also ran various versions of MS-windows in our time (which is why we 
love Linux so much now!) and have dealt with serial ports from dealing 
with modems and the like. I figured I would tell you all about a minor 
problem I am thinking of tackling, and see if you had any suggestions.

I'm dealing with an RFID badge-access system that uses windows-based 
administration software. Basically some software that runs on windows, 
using an mssql db, and communicates with the hardware via the serial port.

The software has a function to send a timed pulse to unlock a door(s) 
for X number of seconds.  I'm looking for a way to do the same thing, 
but from another machine so that I can use a script or even a CGI to 
control the door. Yes, I realize this opens us up to someone "hacking" 
their way into the office, but we also have a security system and if 
they have root on our servers then we have bigger problems :)  I digress...

I have some long ago experience in serial port programming. In school I 
wrote a voicemail system in Turbo Pascal (heh), that controlled a POTS 
line via a relay that I connected to the serial port. I remember 
studying the serial port pinouts and figuring out how to control the 
voltage level to each of the pins.

That being said, I have several things I have to consider:
* Is the door lock pulse simply a voltage level sent to the serial port, 
or is there some sort of protocol (an actual serial connection) between 
the computer and the hardware?
* Is the signal being sent just a toggle, or specific turn on/off events?

I basically need a way to snoop the serial port to see what is being 
sent, but I'm not sure of the best way to do it.  If it is just voltage 
levels being sent to the hardware, I could do it with just a multimeter 
and figure out which pins it is activating.  However, if there is an 
actual serial connection (null modem or something) going on, it will be 
much more difficult to observe what data is being sent. I think also you 
can purchase an in-line dongle that has LEDs that will show the status 
of the data lines.

I suppose one of the first things I could do is to just unplug the 
serial port, and try to use any functions that talk to the hardware.  If 
there is any data connection required, it should complain that it is not 
connected.

Theoretically I could write a small C++ (or even Win32 perl) 
daemon that would run on the winblows machine and provide a way to 
toggle the lock/unlock signal via a TCPIP connection. I may run into a 
snag where, if I remember correctly, if something has control of a 
serial port in Windows, no other process can open it.  Maybe I could do 
something sneaky like a Y-adapter and just send the signal from another 
machine altogether. I wonder if I would have to use some diodes to keep 
any voltage from one leg of the Y from traveling back to the other 
machine's serial port...hmmm
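The snooping step the poster describes is easiest to reason about with a passive tap: the administration PC's TX line is fed (read-only) into the RX pin of a second machine, and that machine timestamps every byte. The script below is an added example, not code from the original post or from any badge-system vendor. It assumes such a tap, assumes pyserial (`import serial`) is installed for the real-port reader, and uses a constructed, invented byte sequence in place of a real controller protocol. The useful part is what it does with the capture: it splits the byte stream into frames on idle gaps and reports where the frame logged at "unlock" differs from the one logged at "relock", which is exactly what distinguishes a single toggle message from distinct on/off commands.

```python
# Added example (not from the original post): a passive serial-tap logger.
# Assumes the PC's TX line is tapped read-only into a second machine's RX
# (a Y cable as the poster describes, with the tap's TX left unconnected)
# and that pyserial (import serial) is installed on that machine.
import time


def frame_bytes(samples, gap_s=0.02):
    """Group (timestamp_s, byte) samples into frames split on idle gaps.

    At 9600 baud one byte takes about 1 ms, so a 20 ms silence (gap_s) is a
    reasonable, assumed, frame boundary. Returns a list of (start_ts, bytes).
    """
    frames = []
    cur = bytearray()
    start = last = None
    for ts, b in samples:
        if cur and last is not None and ts - last > gap_s:
            frames.append((start, bytes(cur)))
            cur = bytearray()
        if not cur:
            start = ts
        cur.append(b)
        last = ts
    if cur:
        frames.append((start, bytes(cur)))
    return frames


def hexdump(data):
    """Render bytes as space-separated hex for the log."""
    return " ".join(f"{x:02x}" for x in data)


def differing_offsets(a, b):
    """Offsets at which two frames differ (a length mismatch counts as a
    difference at every position past the shorter frame). Comparing the
    frame logged when a door unlocks with the one logged when it relocks
    shows whether the software sends distinct commands or one toggle."""
    n = max(len(a), len(b))
    return [i for i in range(n) if i >= len(a) or i >= len(b) or a[i] != b[i]]


def capture_from_serial(port, baud=9600, duration_s=30.0):
    """Read the tapped line for duration_s seconds, timestamping each byte.
    Uses pyserial's serial.Serial (assumed installed); returns the sample
    list frame_bytes() expects. Not exercised by the constructed data below."""
    import serial  # pyserial, third-party
    samples = []
    with serial.Serial(port, baud, timeout=0.1) as ser:
        end = time.monotonic() + duration_s
        while time.monotonic() < end:
            chunk = ser.read(1)  # b'' on timeout
            if chunk:
                samples.append((time.monotonic(), chunk[0]))
    return samples


def make_samples(t0, data, byte_time=0.001):
    """Constructed-capture helper: one sample per byte, byte_time apart."""
    return [(t0 + i * byte_time, b) for i, b in enumerate(data)]


# Constructed capture of a hypothetical badge-controller protocol: a frame
# when the unlock pulse starts and another 5.1 s later when the door relocks.
# The byte values are invented for illustration, not a real product's protocol.
SAMPLE_CAPTURE = (
    make_samples(0.000, bytes.fromhex("02 55 01 05 03"))
    + make_samples(5.100, bytes.fromhex("02 4c 01 00 03"))
)


def report(samples, gap_s=0.02):
    """Log each frame with its timestamp and show where consecutive frames
    differ; returns the frames so callers can inspect them."""
    frames = frame_bytes(samples, gap_s)
    for ts, data in frames:
        print(f"{ts:9.3f}s  {hexdump(data)}")
    for (_, a), (_, b) in zip(frames, frames[1:]):
        print("  differs at offsets:", differing_offsets(a, b))
    return frames


if __name__ == "__main__":
    report(SAMPLE_CAPTURE)
```

Run it against a real tap by replacing `SAMPLE_CAPTURE` with `capture_from_serial("COM3")` (or `/dev/ttyS0` on the Linux side), pressing the unlock button in the administration software during the capture window, and reading the report: if nothing appears, the link is level-driven and the multimeter approach applies; if frames appear and the unlock and relock frames differ only in a byte or two, the protocol has separate on/off commands rather than a toggle. The 20 ms gap threshold scales with baud rate, so raise it for slow links.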


More information about the PLUG-discuss mailing list